On Sat, Mar 7, 2015 at 9:13 AM, Oleg Nesterov <o...@redhat.com> wrote:
>> + /*
>> + * Ensure we emit the owner->on_cpu, dereference _after_
>> + * checking sem->owner still matches owner, if that fails,
>> + * owner might point to free()d memory, if it still matches,
>> + * the rcu_read_lock() ensures the memory stays valid.
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Yes, this is another case when we wrongly assume this.
>
> Peter, should I resend
>
> [PATCH 3/3] introduce task_rcu_dereference()
> http://marc.info/?l=linux-kernel&m=141443631413914
>
> ? or should we add another call_rcu() in finish_task_switch() (like -rt does)
> to make this true?
I think we should just make 'task_struct_cachep' have SLAB_DESTROY_BY_RCU.
It has almost no overhead - since it only affects the final page
freeing, not the actual slab alloc/free paths - and it means that you
can do the "access for reading under rcu lock" without worrying.
Of course, with SLAB_DESTROY_BY_RCU, a task may be re-allocated (to
*another* task) even under RCU, so the results from unlocked RCU read
accesses aren't "guaranteed" in that sense, but it's fine for
optimistic spinning where the code also ends up re-checking that the
task pointer itself matches. Getting the occasional race with "oops,
task went away" is fine, as long as we don't keep looping over a dead
task.
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
